Customer satisfaction survey 2021

[Marcos 4,361]

Dear users,
To start off let me thank you for being our valued customer. It's been our mission to provide you with quality and effective products that protect your digital words. We endeavor to listen to your feedback and tailor the products to your liking although we realize that it's impossible to fulfill everybody's expectations completely, especially when it comes to home users.

We would like you to spend a while answering the following questions which will give us insight into how you perceive ESET, our products and services and will help us improve things further.

Regards,
Marcos

[itman 1,436]

Comments:

7). Will not renew my EIS subscription unless LiveGuard capability is provided in EIS to block and submit for cloud scanning all locally detected suspicious Eset detection's. That is all currently files being submitted to LiveGrid but allowed to run.

8). LiveGuard in ESSP currently does not include the ability to set detection confidence levels and receive a suspicious verdict based on those levels as exists in EDTD. This would also include a display of suspicious factors found.

9). HIPS file wildcard specification capability that I have asked for years.

[sesk 3]

*friendly*

what do you want us, poor macos users, to say, itman? ;') 

[peteyt 316]

I'd like to add that that while I enjoy Eset and enjoy being part of the insider testing group, and have no plans myself in leaving, I've seen that some features missing are being offered by the competition and other users may decide to jump ship.

For example a lot are offering more features to help with ransomware e.g. protected folders, rollback etc. While these can go wrong e.g. ransomware may break into the protected folders, surely it is better to have it as extra protection.

Same goes with things like the ability to block things with no or low results. If disabled by default I can't see it causing too many issues if users are given a warning.

[Mr_Frog 9]

12 hours ago, itman said:

7). Will not renew my EIS subscription unless LiveGuard capability is provided in EIS to block and submit for cloud scanning all locally detected suspicious Eset detection's. That is all currently files being submitted to LiveGrid but allowed to run.

I feel, I'm very feeling!!! (Usyk)

[czesetfan 18]

9) Automatic whitelist rules, known programs - Edge, Chrome, office suites, etc. for HIPS and Firewall. There is too big a gap between the user's "Allow everything" and "Define everything exactly" options. It shouldn't be completely impossible to create rule sets for dozens (hundreds?) of known programs.

[Nightowl 168]

14 hours ago, itman said:

7). Will not renew my EIS subscription unless LiveGuard capability is provided in EIS to block and submit for cloud scanning all locally detected suspicious Eset detection's. That is all currently files being submitted to LiveGrid but allowed to run.

But I guess that's the point of why they have added it to Smart Security only , to make users upgrade to that version.

[Marcos 4,361]

2 minutes ago, Nightowl said:

But I guess that's the point of why they have added it to Smart Security only , to make users upgrade to that version.

It's considered a premium feature. Users who don't want to upgrade take advantage of both pico (streaming) updates and ESET LiveGrid which ensures that new borne detected or undetected malware spotted by at least one of ESET's users in the world is detected for all users with LiveGrid enabled within a few minutes. Even EDTD is sold as a separate product / service and is not part of an Endpoint license.

[Nightowl 168]

6 minutes ago, Marcos said:

It's considered a premium feature. Users who don't want to upgrade take advantage of both pico (streaming) updates and ESET LiveGrid which ensures that new borne detected or undetected malware spotted by at least one of ESET's users in the world is detected for all users with LiveGrid enabled within a few minutes. Even EDTD is sold as a separate product / service and is not part of an Endpoint license.

Yeah that's what I meant , and as a marketing step , it has worked on me to want to upgrade to Smart Security

[AZ Tech 32]

5). Not infected in the literal sense because most of the tests are done on a virtual machine, but I found some "not many" samples that were not detected by eset, and were detected by behavioral detection of another antivirus, of course that was before releasing LiveGuard .
and to be fair, under conditions of normal home user use and no intentional search for new malware samples this would not have happened.

8). I already have ESET Smart Security Premium , But I miss the "File Shredder" feature, because it makes no sense to provide the ability to encrypt the data and not provide the Possibility to delete the original data securely !!
LiveGuard also need improvement, I agree with @itman .


9). Advanced Behavioral Detection System with Ransomware Remediation and rolls back the changes made by malicious applications.

[Marcos 4,361]

11 minutes ago, AZ Tech said:

5). Not infected in the literal sense because most of the tests are done on a virtual machine, but I found some "not many" samples that were not detected by eset, and were detected by behavioral detection of another antivirus, of course that was before releasing LiveGuard .
and to be fair, under conditions of normal home user use and no intentional search for new malware samples this would not have happened.

8). I already have ESET Smart Security Premium , But I miss the "File Shredder" feature, because it makes no sense to provide the ability to encrypt the data and not provide the Possibility to delete the original data securely !!
LiveGuard also need improvement, I agree with @itman .


9). Advanced Behavioral Detection System with Ransomware Remediation and rolls back the changes made by malicious applications.

5, Feel free to let me know when you come across an undetected sample. We do our best to detect every new malware with LiveGrid itself. I'd rather not speculate if it was very fresh malware that it wasn't detected so I'll be glad to check it out instantly the next time you encounter such undetected sample.

8, Thanks for the suggestion re. File shredder. Re. LiveGuard, what improvements do you mean? LiveGuard is configured optimally for use by home users and provides balanced detection / protection with minimum false positives.

[itman 1,436]

7 hours ago, Marcos said:

Even EDTD is sold as a separate product / service and is not part of an Endpoint license.

I previously recommended in another forum posting: https://forum.eset.com/topic/29995-antivirus-version-1506/?do=findComment&comment=140966 that LiveGuard be offered as an add-on subscription service and therefore, be available to all Eset home product desktop versions. To that posting, I add that two subscription versions be provided;

1. The user friendly version that currently exists.

2, An advanced version having full EDTD customization options such as control over confidence level percentages and return of suspicious verdict detection's with factors that lead to the suspicious verdict.

Edited October 25, 2021 by itman

[AZ Tech 32]

5 minutes ago, Marcos said:

5, Feel free to let me know when you come across an undetected sample.

Of course, I will do this in case I find undetected samples, especially since I am very satisfied with my experience in informing you about some suspicious sites, this really makes me very satisfied .

 

12 minutes ago, Marcos said:

Re. LiveGuard, what improvements do you mean?

Sorry, I may not have made my point very well, what I mean is that LiveGuard reports need to be more detailed.
I know LiveGuard is geared towards the home user who may not have the ability to understand complex reports but why deprive someone who wants that feature?

Also, as I told you before in a separate post, the ability to send files to LiveGuard should only be added when trying to run it because the current sending mode in real time when extracting zip files or when starting to download executable files from the Internet is very annoying, at least it can be made It is optional for the user, the default settings should be as they are now because they are useful for inexperienced users with the option to not send any files to LiveGuard unless you try to run it.

[Marcos 4,361]

Regarding reports, they are not a standard part of EDTD/LiveGuard:

https://help.eset.com/edtd/en-US/?behavioral_report.html

[itman 1,436]

5 hours ago, Marcos said:

Regarding reports, they are not a standard part of EDTD/LiveGuard:

"It figures" that Eset would restrict usage to 100+ seat license holders and then charge extra for the reports thereby maximizing Eset revenue.

On the other hand as a Win 10 Pro user, I can subscribe to Microsoft Defender ATP and be provided its full capability including detailed analysis reports.

-EDIT-

Quote

The new Microsoft Defender for Endpoint standalone retail cost via CSP is $5.20/mo per user for up to 5 machines.

One MD ATP user license allows you to activate on up to 5 devices.

https://www.infusedinnovations.com/blog/secure-intelligent-workplace/microsoft-defender-atp-standalone-is-now-available

Also MD ATP stand-alone is available for Win 7 through Win 10 Pro+ versions.

Edited October 25, 2021 by itman

[New_Style_xd 61]

I just think ESET should take a closer look at the comments and suggestions about eset in the Future changes to "ESET Internet Security and ESET Smart Security Premium" topic there are a lot of things there that have been commented on and never posted.

[EAV8 2]

On 10/24/2021 at 3:53 PM, itman said:

Comments:

7). Will not renew my EIS subscription unless LiveGuard capability is provided in EIS to block and submit for cloud scanning all locally detected suspicious Eset detection's. That is all currently files being submitted to LiveGrid but allowed to run.

8). LiveGuard in ESSP currently does not include the ability to set detection confidence levels and receive a suspicious verdict based on those levels as exists in EDTD. This would also include a display of suspicious factors found.

9). HIPS file wildcard specification capability that I have asked for years.

You said everything.

[czesetfan 18]

16 hours ago, Marcos said:

5, Feel free to let me know when you come across an undetected sample. We do our best to detect every new malware with LiveGrid itself. I'd rather not speculate if it was very fresh malware that it wasn't detected so I'll be glad to check it out instantly the next time you encounter such undetected sample.

8, Thanks for the suggestion re. File shredder. Re. LiveGuard, what improvements do you mean? LiveGuard is configured optimally for use by home users and provides balanced detection / protection with minimum false positives.

What Detection threshold is set in ESSP for "clean", execute enable?
I'm assuming a level of "Clean" and "Suspicious"? 
"Highly suspicious" and "Malicious" are already blocked. 
I think the ability to set this will come to ESSP in time, similar to setting the "Machine Learning Kernel" level.

[ebill 8]

#8 -- Internet security has all the features I need at this time

Thanks for a great product -- ebill

[ReinaKirisame 0]

My opinion: 

on the hand, there are some problems with the product itself that deserve to be corrected.

9.

1.Ransom decoys (or HIPS to add end process option, I can write my own). Because the approach given by some users now is not simplified enough, I hope to provide similar functions.

2. HIPS improvements (wildcard, monitor reads, operation to add end process, etc.), the important thing is the wildcard and the ability to block the application's access to a specific folder.

3. Detection of specific threats can be enhanced, such as Flystudio, BlackMoon, etc. because threats written in these languages are still a factor that cannot be ignored. However, I noticed that only the non-Chinese version can detect and alert, the Chinese version has almost no alert except for the exact detection name. Rootkit detection and removal should need to be enhanced, as well as improving the vulnerability exploitation blocking component, which does little to nothing.

On the other hand, I hear somebody say rarely see a reply when using email to report. Because the submission of no response will have a sense of no one to detect, which is not conducive to the use of the user. Please improve this question.

Greeting.

[INDUS_MH 1]

Comment for 7:

We use the business products and will likely not be extending the subscription.

Reasons are the lacking integrations for automation and monitoring tools.

 

• SNMP can not be configured via webinterface
• Syslog logging is not useful (no logs are sent if an endpoint detects malware)
• I could find no integrations for SIEM, SOAR or SOC solutions.
• collecting logs from an endpoint via the ESET Protect webinterface fails most of the time.

 

[mathisbilgi 0]

11. Did you get accurate answers to your forum queries for the last year?

I don't know why but some forum posts were never answered. 

 

 

[Marcos 4,361]

44 minutes ago, mathisbilgi said:

11. Did you get accurate answers to your forum queries for the last year?

I don't know why but some forum posts were never answered. 

 

 

I'm sorry for that, I thought that you were talking about Micro updates which is something I could not help you with, however, I should have instructed you to contact Customer care regardless.

Anyways, now that I've re-read the topic you were talking about program updates. Generally we recommend updating from ESET's servers. In case you update more computers in a network, we recommend using an http proxy to cache update files. You can also use a local mirror but this will prevent endpoints from taking advantage of streamed (pico) updates that are issued every few minutes.

If you decide to update modules from a mirror and share the mirrored update files via an http proxy, use the update server http://%ServerIP%:%Port%.

It's similar with program updates; we recommend updating from ESET's repositories and using an http proxy to cache update files. If you decide to create a local repository and share the content via http, use the update server http://%ServerIP%:%Port% in the Program update section.

[Marcos 4,361]

On 11/2/2021 at 10:12 AM, INDUS_MH said:

Comment for 7:

We use the business products and will likely not be extending the subscription.
Reasons are the lacking integrations for automation and monitoring tools.

• SNMP can not be configured via webinterface
• Syslog logging is not useful (no logs are sent if an endpoint detects malware)
• I could find no integrations for SIEM, SOAR or SOC solutions.
• collecting logs from an endpoint via the ESET Protect webinterface fails most of the time.

I have asked a colleague to reply you. Many of our users use SIEM or SOAR systems so I'm quite positive that we will have a solution for you, too. We listen to our customers and endeavor for delivering you solutions tailored to your needs. The colleague will contact you regarding your concerns here soon.

As for the last question, the problem is that logs collected with ELC are usually very big, especially if there are also process dumps created in the Diagnostics folder on clients which inflates the generated archive a lot. Currently there is a hard limit of 200 MB for ELC logs which is probably why bigger logs are not sent to ESET PROTECT. Anyways, logs collected with ELC are intended for ESET staff, not sure if there are some logs that you are interested in too. It'd be good to know more details about the use case why you collect ELC logs. If you want to discuss some topic further, please create a new topic in the appropriate product subforum.

[ivc52 0]

EDTD/LiveGuard should be used in all versions.